Editor role now only can edit his own content

This commit is contained in:
Diego Najar 2019-05-12 14:31:33 +02:00
parent 10ba5625da
commit 05a17e9122
3 changed files with 48 additions and 18 deletions

View File

@ -10,6 +10,19 @@ checkRole(array('admin', 'editor'));
// Functions
// ============================================================================
// Returns the content belongs to the current user if the user has the role Editor
function filterContentOwner($list) {
global $login;
global $pages;
$tmp = array();
foreach ($list as $pageKey) {
if ($pages->db[$pageKey]['username']==$login->username()) {
array_push($tmp, $pageKey);
}
}
return $tmp;
}
// ============================================================================
// Main before POST
// ============================================================================
@ -22,21 +35,25 @@ checkRole(array('admin', 'editor'));
// Main after POST
// ============================================================================
// List of published pages
$onlyPublished = true;
$numberOfItems = ITEMS_PER_PAGE_ADMIN;
$pageNumber = $url->pageNumber();
$published = $pages->getList($pageNumber, $numberOfItems, $onlyPublished);
$published = $pages->getList($url->pageNumber(), ITEMS_PER_PAGE_ADMIN);
$drafts = $pages->getDraftDB(true);
$scheduled = $pages->getScheduledDB(true);
$static = $pages->getStaticDB(true);
$sticky = $pages->getStickyDB(true);
// If the user is an Editor filter the content he/she can edit
if (checkRole(array('editor'))) {
$published = filterContentOwner($published);
$drafts = filterContentOwner($drafts);
$scheduled = filterContentOwner($scheduled);
$static = filterContentOwner($static);
$sticky = filterContentOwner($sticky);
}
// Check if out of range the pageNumber
if (empty($published) && $url->pageNumber()>1) {
Redirect::page('content');
}
$drafts = $pages->getDraftDB(true);
$scheduled = $pages->getScheduledDB(true);
$static = $pages->getStaticDB(true);
$sticky = $pages->getStickyDB(true);
// Title of the page
$layout['title'] .= ' - '.$L->g('Manage content');

View File

@ -4,7 +4,7 @@
// Check role
// ============================================================================
if (!checkRole(array('admin','editor'), false)) {
if (checkRole(array('editor'), false)) {
try {
$pageKey = isset($_POST['key']) ? $_POST['key'] : $layout['parameters'];
$page = new Page($pageKey);

View File

@ -100,21 +100,34 @@
<!-- Profile picture tab -->
<div class="tab-pane fade" id="picture" role="tabpanel" aria-labelledby="nav-picture-tab">
<div class="custom-file mb-2">
<div class="container">
<div class="row">
<div class="col-lg-4 col-sm-12 p-0 pr-2">
<div class="custom-file">
<input type="file" class="custom-file-input" id="jsprofilePictureInputFile" name="profilePictureInputFile">
<label class="custom-file-label" for="jsprofilePictureInputFile"><?php $L->p('Choose images to upload'); ?></label>
<label class="custom-file-label" for="jsprofilePictureInputFile"><?php $L->p('Upload image'); ?></label>
</div>
<div>
<!-- <button id="jsbuttonRemovePicture" type="button" class="btn btn-primary w-100 mt-4 mb-4"><i class="fa fa-trash"></i> Remove picture</button> -->
</div>
<div class="col-lg-8 col-sm-12 p-0 text-center">
<img id="jsprofilePicturePreview" class="img-fluid img-thumbnail" alt="Profile picture preview" src="<?php echo (Sanitize::pathFile(PATH_UPLOADS_PROFILES.$user->username().'.png')?DOMAIN_UPLOADS_PROFILES.$user->username().'.png?version='.time():HTML_PATH_CORE_IMG.'default.svg') ?>" />
</div>
</div>
</div>
<script>
// $("#jsbuttonRemovePicture").on("click", function() {
// var username = $("#jsusername").val();
// bluditAjax.removeProfilePicture(username);
// $("#jsprofilePicturePreview").attr("src", "<?php echo HTML_PATH_CORE_IMG.'default.svg' ?>");
// });
$("#jsprofilePictureInputFile").on("change", function() {
var formData = new FormData();
formData.append('tokenCSRF', tokenCSRF);
formData.append('profilePictureInputFile', $(this)[0].files[0]);
formData.append('username', $("#jsusername").val());
$.ajax({
url: HTML_PATH_ADMIN_ROOT+"ajax/upload-profile-picture",
url: HTML_PATH_ADMIN_ROOT+"ajax/profile-picture-upload",
type: "POST",
data: formData,
cache: false,